How do I troubleshoot health check failures for Amazon ECS tasks on Fargate?

00:00

[Music]

00:01

[Applause]

00:02

[Music]

00:07

hello I'm a Monica a technical account

00:09

manager here at the AWS office in Boston

00:12

today I'm going to show you how to

00:14

troubleshoot health check failure for

00:16

the Amazon elastic container service

00:18

task on ews farget let's get started if

00:22

you receive either of these

00:28

errors try this troubleshooting steps

00:31

after logging into the AWS Management

00:34

console select the region navigate to

00:37

the elastic container service in

00:41

console select the ECS cluster that you

00:44

are

00:45

troubleshooting select the ECS

00:49

service go to configuration and

00:51

networking tab go to task definition

00:55

under a service configuration and open

00:57

in new tab

01:02

select the Json Tab and note down the

01:04

container Port configuration in my case

01:07

I'm using the port

01:11

80 let's go back to the ECS service

01:14

configuration and networking page select

01:17

the security group associated with your

01:20

container from the network configuration

01:22

in Security Group check the inbound

01:25

rules if your container is mapped to the

01:28

port 80 confirm that your container

01:30

Security Group allows the inbound

01:32

traffic on a port 80 for the Lord

01:36

balancer High CPU can make your

01:38

application unresponsive and that can

01:41

also result in fire2 error you can

01:43

monitor the CPU and memory utilization

01:46

under the health and Metric tab if your

01:49

application needs more time to warm up

01:51

than the timeout value specified in the

01:53

health check settings of the target

01:54

group then specify a health check risk

01:57

period as an Amazon ECS service

01:59

definition parameter this instruct the

02:02

service schedular to ignore any failed

02:04

load balancer H check for a predefined

02:06

time period after a task has been

02:09

instated this is only valid if your

02:12

servic is configured to use the load

02:14

balancer if your service has a load

02:16

balance defined and you do not specify a

02:20

h check grace period value then the

02:22

default value of zero is used to edit

02:26

the value click on update service

02:30

go to load balancing and adjust the he

02:33

check grace

02:36

period then click on update I'm not

02:40

going to change so clicking on the

02:42

cancel

02:43

button now let's confirm that the heal

02:46

check Port value for your load balance

02:49

or health is configured correctly if

02:51

this port is not configured correctly

02:54

then your load balancer marks the task

02:57

that is registered as a Target in the

02:59

target group as unhealthy and the

03:01

service scheduler then deregister the

03:03

task for the Target group go to task tab

03:08

select running task select Network

03:11

binding on a container details the hche

03:15

port must be configured to use the host

03:17

Port value for the container in your

03:20

service task definition that you're

03:22

using with the H Che choose ECS

03:28

service select the Target group

03:30

associated with ECS

03:33

service go to the health check

03:36

tab make sure that heal check port and

03:39

heal check path are configured correctly

03:42

make sure that you use the traffic port

03:44

or predicated health check Port if you

03:46

have configured

03:47

that for further troubleshooting check

03:50

your application logs for the

03:52

application error make sure that your

03:54

backend database is connected

03:56

successfully this assume that your

03:58

application is running as a set of task

04:00

launched by the ECS on thews forget it

04:03

also assume that your application cannot

04:05

communicate with Amazon relational

04:07

database

04:10

service if you receive a 504 error such

04:13

as

04:16

this you can receive a 504 error for any

04:19

of these reasons your load balancer

04:21

failed to establish the connection to

04:23

the Target before the connection time

04:25

out expired your load balancer establish

04:29

the connection to the Target but the

04:30

target did not response before the idle

04:33

timeout period elapsed the network

04:36

access control list for your subnet did

04:38

not allow the traffic from the target to

04:40

the load balancer nodes on the FML

04:43

ports try this troubleshooting steps

04:46

after logging into the AWS Management

04:48

console select the region and then

04:51

navigate to the elastic container

04:52

service in

04:55

console select the ECS cluster that you

04:58

are troubleshooting

05:02

select the ECS

05:04

service select the target group

05:06

associated with ECS

05:09

service go to the health checks tab make

05:13

sure that the response timeout value is

05:15

set correctly the response timeout is

05:17

the amount of the time that your

05:19

container has to return a response to

05:22

the health check request if this value

05:24

is lower than the amount of the time

05:26

required for a response then the health

05:28

check fails

05:31

if you receive the following error the

05:33

containers in your task are using the H

05:35

check that your service cannot

05:39

pass try this troubleshooting steps

05:42

confirm that the command that you are

05:43

passing to the container is correct and

05:46

has the right syntax check your

05:48

application logs and Amazon Cloud watch

05:50

logs if the task has been running for a

05:53

while after logging into the AWS

05:56

Management console select the region

05:58

navigate to the elastic container

06:00

service in

06:02

console select task definition from the

06:05

left side of the navigation page select

06:08

the task definition that you are

06:14

troubleshooting go to the Json tab look

06:16

for the health check and then confirm

06:19

that the command that you are passing to

06:20

the container is correct and has the

06:22

right

06:23

syntax now let's see how to check the

06:26

task logs for the further

06:28

troubleshooting select the cluster from

06:30

the left side of the navigation page

06:32

select the ECS cluster that you are

06:35

troubleshooting select the ECS

06:38

service navigate to task

06:41

Tab and select the task that you are

06:46

troubleshooting go to logs tab you can

06:49

view task logs here or you can click

06:52

view logs in cloudwatch which opens the

06:54

associated log stream in the cloudwatch

06:57

console you cannot access the underlying

07:00

host because forget is managed by DWS

07:03

for further troubleshooting launch your

07:06

Amazon is task in Amazon ec2 then

07:09

connect to your ec2 instance using

07:12

SSH so now you know how to troubleshoot

07:15

he check failures on ECS task on ews

07:18

forget thanks for watching and happy

07:21

cloud computing from all of us here at

07:23

thews

07:25

[Applause]

07:27

[Music]

07:32

[Music]